<?php
/*
   Copyright 2012 BiSe Trojanov

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
*/
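 require_once('config.php');

 // Record editor back-end, reached from the edit popup form.
 // Flow: validate the opt_* control fields -> create the target table if it
 // does not exist -> add one text/longtext column per posted field -> store
 // uploaded images (and their thumbnails) under $sad_root/storage -> INSERT a
 // new row or UPDATE the row named by opt_id -> run the optional
 // templates/edit/<name>.before / .after hooks around all of that.
 // Every $_POST / $_FILES value is untrusted form input and is only used after
 // sad_safe_mysql() / sad_safe_path() (helpers from config.php) or an explicit
 // cast. Return values of mysql_query() are never checked, so a failed
 // ALTER/INSERT/UPDATE is silently ignored.
 // NOTE(review): access control is assumed to live in config.php and iamd() — confirm.
 // NOTE(review): the mysql_* extension is gone since PHP 7; porting these
 // string-built statements to mysqli/PDO prepared statements is the real fix
 // and is out of scope for this file alone.

 // Template hook name: path separators are stripped and a fixed ".before" /
 // ".after" suffix is appended, so the include stays inside templates/edit/.
 $edit = isset($_POST['opt_edit']) ? preg_replace('|[/\\\\]|', '', $_POST['opt_edit']) : '';

 if (strlen($edit) < 1 or
     !isset($_POST['opt_id']) or strlen($_POST['opt_id']) < 1 or
     !isset($_POST['opt_table']) or strlen($_POST['opt_table']) < 1){
  echo 'No, you can\'t';
  exit;
 }

 // The admin table may only be touched by an admin. The check must read the
 // same source (POST) that every query below uses for the table name.
 if (preg_match('|^_users$|i', $_POST['opt_table']) and !iamd()){
  header('HTTP/1.0 403 Forbidden');
  echo 'No, you can not edit records from admin table</body></html>';
  exit;
 }

 if (file_exists($sad_root.'/templates/edit/'.$edit.'.before')){
  include($sad_root.'/templates/edit/'.$edit.'.before');
 }

 // Quoted table identifier, computed once. Backticks are removed before
 // sad_safe_mysql() because that helper is written for string literals and is
 // not known to escape the identifier quote character.
 $table_ident = '`'.sad_safe_mysql(str_replace('`', '', $sad_prefix.$_POST['opt_table'])).'`';

 //create table
 mysql_query('CREATE TABLE if not exists '.$table_ident.' (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`i` INT NOT NULL ,
`sname` TEXT NOT NULL ,
`parent` TEXT NOT NULL ,
INDEX (`i`)
) ENGINE = MYISAM CHARACTER SET utf8 COLLATE utf8_unicode_ci COMMENT="'.sad_safe_mysql($sad_domain.' / '.time().' / edit').'";');

 // Three fragments are accumulated with a leading ", " and trimmed with
 // substr(..., 2) at the end: $sql is the UPDATE SET list, $sql1/$sql2 are the
 // INSERT column list and VALUES list.
 $sql  = ''; //update sql
 $sql1 = ''; $sql2 = ''; //insert sql
 foreach ($_POST as $key => $value){
  if (preg_match('|^opt_|i', $key)){continue;} // opt_* are control fields, not columns
  $col_ident = '`'.sad_safe_mysql(str_replace('`', '', $key)).'`';

  // Values near the 64 KiB TEXT limit need LONGTEXT. ADD COLUMN is attempted
  // unconditionally (its error for an existing column is ignored), and MODIFY
  // widens a column that an earlier, shorter value created as TEXT.
  $long = strlen($value) > 65500;
  mysql_query('ALTER TABLE '.$table_ident.' ADD COLUMN '.$col_ident.' '.($long ? 'long' : '').'text NOT NULL');
  if ($long){
   mysql_query('ALTER TABLE '.$table_ident.' MODIFY COLUMN '.$col_ident.' longtext NOT NULL;');
  }

  // add sql code
  $quoted = '"'.sad_safe_mysql($value).'"';
  $sql  .= ', '.$col_ident.'='.$quoted;
  $sql1 .= ', '.$col_ident;
  $sql2 .= ', '.$quoted;
 }
 error_reporting(E_ALL);

 // Image slots: opt_image_N_oldvalue marks slot N; opt_image_N_file is the
 // upload, opt_image_N_name the column, opt_image_N_path the storage sub-dir.
 for ($img_i = 0; isset($_POST['opt_image_'.$img_i.'_oldvalue']); $img_i++){
  $p = 'opt_image_'.$img_i; // POST key prefix for this slot
  $name_ident = '`'.sad_safe_mysql(str_replace('`', '', $_POST[$p.'_name'])).'`';

  // Make sure the column exists before either branch below references it;
  // otherwise a slot without a new upload would make the INSERT/UPDATE fail.
  mysql_query('ALTER TABLE '.$table_ident.' ADD COLUMN '.$name_ident.' text NOT NULL');

  if (!isset($_FILES[$p.'_file'])){
   // no file input for this slot: keep the previous value
   $old = '"'.sad_safe_mysql($_POST[$p.'_oldvalue']).'"';
   $sql  .= ', '.$name_ident.'='.$old;
   $sql1 .= ', '.$name_ident;
   $sql2 .= ', '.$old;
   continue;
  }

  // upload image: accept only a completed upload handed over by PHP itself
  $tmp = $_FILES[$p.'_file']['tmp_name'];
  if ($_FILES[$p.'_file']['error'] !== UPLOAD_ERR_OK or !is_uploaded_file($tmp)){continue;}

  $info = getimagesize($tmp);
  if ($info === false){continue;} // not an image
  list($org_width, $org_height, $tt) = $info;
  // GIF (1), JPEG (2), PNG (3) only; $imgs_ext (config.php) maps type -> extension
  if ($tt < IMAGETYPE_GIF or $tt > IMAGETYPE_PNG){continue;}
  // NOTE(review): these limits come from hidden form fields, i.e. the client
  // chooses them; a server-side ceiling would be the stronger control.
  if (filesize($tmp) > (int)$_POST[$p.'_size']){continue;}
  if ((int)$_POST[$p.'_width']  < $org_width){continue;}
  if ((int)$_POST[$p.'_height'] < $org_height){continue;}

  // Content-addressed file name: the same image uploaded twice maps to one file.
  $md5_t   = md5_file($tmp);
  $rel_dir = sad_safe_path($_POST[$p.'_path']);
  $t = '/storage/'.$rel_dir.'/'.$md5_t.'.'.$imgs_ext[$tt];
  $new_file = $sad_root.$t;

  // create the storage directory one level at a time
  $a = explode('/', $rel_dir); $pp = $sad_root.'/storage/';
  foreach ($a as $dir){
   $pp .= $dir.'/';
   if (!is_dir($pp)){mkdir($pp);}
  }

  // do not record a path that was not actually written
  if (!copy($tmp, $new_file)){continue;}
  $stored = '"'.sad_safe_mysql($t).'"';
  $sql  .= ', '.$name_ident.'='.$stored;
  $sql1 .= ', '.$name_ident;
  $sql2 .= ', '.$stored;

  // thumbnails: opt_image_N_M_{path,prefix,filetype,width,height}
  for ($img_j = 0; isset($_POST[$p.'_'.$img_j.'_width']); $img_j++){
   $q = $p.'_'.$img_j;
   $thumb_dir = sad_safe_path($_POST[$q.'_path']);
   $a = explode('/', $thumb_dir); $pp = $sad_root.'/storage/';
   foreach ($a as $dir){
    $pp .= $dir.'/';
    if (!is_dir($pp)){mkdir($pp);}
   }

   // prefix and filetype are plain form fields: strip path separators so they
   // can only name a file inside the directory chosen above.
   $prefix   = preg_replace('|[/\\\\]|', '', $_POST[$q.'_prefix']);
   $filetype = preg_replace('|[/\\\\]|', '', $_POST[$q.'_filetype']);

   $thumb = '/storage/';
   if ($thumb_dir !== ''){$thumb .= $thumb_dir.'/';}
   $thumb .= $prefix.$md5_t.'.'.$filetype;
   if ($thumb === $t){continue;} // would overwrite the stored original
   ImageResize($new_file, $sad_root.$thumb, $_POST[$q.'_width'], $_POST[$q.'_height']);
  }
 }

 // update table
 // opt_id is cast to int both for the add/edit decision and inside the WHERE
 // clause; the raw POST string never reaches the query.
 $id = (int)$_POST['opt_id'];
 if ($sql !== ''){ // nothing to write when only opt_* control fields were posted
  if ($id > 0){
   //edit
   mysql_query('update '.$table_ident.' set '.substr($sql, 2).' where `id`='.$id);
  }else{
   //add
   mysql_query('insert into '.$table_ident.' ('.substr($sql1, 2).') VALUES ('.substr($sql2, 2).')');
  }
 }

 if (file_exists($sad_root.'/templates/edit/'.$edit.'.after')){
  include($sad_root.'/templates/edit/'.$edit.'.after');
 }

?><script>window.close();</script>You can safely close this window.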